how often should i upgrade Gentoo

[farmer.ro]

Hello!

i run Gentoo ~amd64 with XFCE, and every morning i update the system with emerge.

but to be honest i am sometimes a bit tired from updating daily, and i would like to know:

off course i would like to stay up to date as much as possible to enhance the security, but updating everyday seems a bit too much for me.

How often should i upgrade the software on a Gentoo ~amd64 system? should i do it daily? weekly? once every two weeks?

[fedeliallalinea]

[axl]

I use a daily cron script. emerge --sync; emerge -NuvD --with-bdeps=y @world and read the mails in the morning. If something went wrong I go and fix it. If not... then everything is ok.

[NeddySeagoon]

farmer.ro,

I run my own rsync server. That updates daily at 3:00AM my time.

Unless there is anything urgent, or something new that I want to play with, I update my systems monthly.
I run all ~arch, on x86, arm, arm64 and amd64 and don't seem to get any nasty surprises.

I have let the x86 and arm systems go for a year or more. That's a very bad thing.
It will give you an advanced course in using portage.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[ct85711]

The main thing to remember, is that the longer you wait in between updates, the more packages that may need to be updated. As that list grows, higher potential of issues too. I used to do daily, but I find I get the usual checksum mismatches regularly enough (usually fixed withing a day) that it becomes more of a pest. For me, I update my systems weekly to biweekly.

Like Neddy said, waiting up to a year or more on updating any Gentoo machine (stable or not) is an guaranteed mess, with the usual recommendation of reinstalling the system for simplest/quickest resolution. Of course it is possible to update the machine, but it will be a difficult learning process (you will learn portage really well by the time you finish, from just trying to work the issues out).

[Ant P.]

Sync daily (because that's how often webrsync updates), read eix-diff/glsa-check output, update as necessary.

[farmer.ro]

so no need to update daily; if i update once a week, i will be fine?

[NeddySeagoon]

farmer.ro,

That will save from the portage learning experience, yes.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[Ant P.]

If you can't decide when to update, do an emerge -DNputv @world. If it's longer than your screen, it's probably a good time to do it.

[farmer.ro]

the reason i ask how often i should update, is because i run aide checks, and when portage upgrades packages on the system it seems to alter the aide.conf in a way that it becomes too much to inspect.

so when portage upgrades, i say, ok now aide changed, so thats fine, after run a new aide, and then it lasts untill the next portage upgrade.

so if i upgrade portage daily then there is alot of work and inspecting to do, if upgrade once a week, the aide checks are more acceptable.

i will try to upgrade only once a week, lets say every monday of the week, but i wonder if it will leave me more vulnerable to possible software exploits, due to not patching the software in time, but hey its a week, would i really matter that much?

[toralf]

[fturco]

I'm currently updating my Gentoo system daily, but I'm pondering to switch to weekly updates instead.

[Logicien]

I think you must not sync Portage more than one time a day otherwise you can be put in a blacklist who will disallow you to sync. I read something like this when I do emerge --sync.
_________________
Paul

[russK]

[szatox]

[eccerr0r]

I think if you really want to minimize portage updates you should:

emaint -a sync # or emerge --sync # every week at minimum

glsa-check -l affected # this will give you a list of packages that have GentooLinuxSecurityAdvisories outstanding

eselect news list # see if there are any alerts that the Devs put out that may cause an update pain. If you see any packages there that you use, it would be wise to update it, its dependencies, and config files related to it as soon as you can - else it may become a mess later.

Doing this minimum is going to get you into trouble later, but at least it keeps you secure.

Also not running ~amd64 ~x86, etc., helps with the churn. Minimizing your per package USE flags or trying to just use the defaults may help.

It's a cost of running latest and having per-package/group of packages customization.

I try to do my updates at least weekly for my outward facing servers (mainly checking for service daemon updates like sshd, httpd, sendmail, etc.). The internal machines that are firewalled I treat less rigorously...



On a side note, anyone know anyone who has been blacklisted? I kind of fear getting blacklisted on "sites" that I didn't set up a portage rsync mirror - I do wonder if there are like 4 machines behind a NAT are rsyncing once a week but all four rsync on the same day. This will look like one machine rsyncing four times that day and thus isn't playing nicely...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

[szatox]

[eccerr0r]

Main reason: because I can't control the power of each of the machines, there is not one of the machines that I can depend on being on at any time...

Plus the USE flags are different.

My home set of machines I do have a true 'server' and that has a full rsync mirror for portage. While NFS is an option, sometimes I disconnect the cable and I'd rather sync to my server than wait for NFS timeout when something screws up.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?